summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
authorChristian Göttsche <cgzones@googlemail.com>2020-08-03 20:05:00 +0200
committerTomáš Mráz <tmraz@redhat.com>2020-08-05 16:30:03 +0200
commitc7ca67d03cb8b21ceb56e925deb34a6c3337c23b (patch)
treefaad8880f071185f5f79699c96a861d7d745465d /modules/pam_unix
parent155e14e9e23b6dee8e95c3358b18269368110efc (diff)
pam_unix: skip context translation
These retrieved contexts are just passed to libselinux functions and not printed or otherwise made available to the outside, so a context translation to human readable MCS/MLS labels is not needed. (see man:setrans.conf(5))
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/lckpwdf.-c10
-rw-r--r--modules/pam_unix/passverify.c78
2 files changed, 44 insertions, 44 deletions
diff --git a/modules/pam_unix/lckpwdf.-c b/modules/pam_unix/lckpwdf.-c
index 0bc9c5ad..c3e63155 100644
--- a/modules/pam_unix/lckpwdf.-c
+++ b/modules/pam_unix/lckpwdf.-c
@@ -73,17 +73,17 @@ static int lckpwdf(void)
lockfd = open(LOCKFILE, O_WRONLY);
if(lockfd == -1 && errno == ENOENT)
{
- char *create_context;
+ char *create_context_raw;
int rc;
- if(getfilecon("/etc/passwd", &create_context))
+ if(getfilecon_raw("/etc/passwd", &create_context_raw))
return -1;
- rc = setfscreatecon(create_context);
- freecon(create_context);
+ rc = setfscreatecon_raw(create_context_raw);
+ freecon(create_context_raw);
if(rc)
return -1;
lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600);
- if(setfscreatecon(NULL))
+ if(setfscreatecon_raw(NULL))
return -1;
}
}
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index c9af24f9..c0fbc987 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -650,7 +650,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
struct stat st;
size_t len = strlen(forwho);
#ifdef WITH_SELINUX
- char *prev_context=NULL;
+ char *prev_context_raw = NULL;
#endif
if (howmany < 0) {
@@ -665,20 +665,20 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
#ifdef WITH_SELINUX
if (SELINUX_ENABLED) {
- char *passwd_context=NULL;
- if (getfilecon("/etc/passwd",&passwd_context)<0) {
+ char *passwd_context_raw = NULL;
+ if (getfilecon_raw("/etc/passwd",&passwd_context_raw)<0) {
return PAM_AUTHTOK_ERR;
};
- if (getfscreatecon(&prev_context)<0) {
- freecon(passwd_context);
+ if (getfscreatecon_raw(&prev_context_raw)<0) {
+ freecon(passwd_context_raw);
return PAM_AUTHTOK_ERR;
}
- if (setfscreatecon(passwd_context)) {
- freecon(passwd_context);
- freecon(prev_context);
+ if (setfscreatecon_raw(passwd_context_raw)) {
+ freecon(passwd_context_raw);
+ freecon(prev_context_raw);
return PAM_AUTHTOK_ERR;
}
- freecon(passwd_context);
+ freecon(passwd_context_raw);
}
#endif
pwfile = fopen(OPW_TMPFILE, "w");
@@ -796,12 +796,12 @@ done:
}
#ifdef WITH_SELINUX
if (SELINUX_ENABLED) {
- if (setfscreatecon(prev_context)) {
+ if (setfscreatecon_raw(prev_context_raw)) {
err = 1;
}
- if (prev_context)
- freecon(prev_context);
- prev_context=NULL;
+ if (prev_context_raw)
+ freecon(prev_context_raw);
+ prev_context_raw = NULL;
}
#endif
if (!err) {
@@ -821,26 +821,26 @@ PAMH_ARG_DECL(int unix_update_passwd,
int err = 1;
int oldmask;
#ifdef WITH_SELINUX
- char *prev_context=NULL;
+ char *prev_context_raw = NULL;
#endif
oldmask = umask(077);
#ifdef WITH_SELINUX
if (SELINUX_ENABLED) {
- char *passwd_context=NULL;
- if (getfilecon("/etc/passwd",&passwd_context)<0) {
+ char *passwd_context_raw = NULL;
+ if (getfilecon_raw("/etc/passwd",&passwd_context_raw)<0) {
return PAM_AUTHTOK_ERR;
};
- if (getfscreatecon(&prev_context)<0) {
- freecon(passwd_context);
+ if (getfscreatecon_raw(&prev_context_raw)<0) {
+ freecon(passwd_context_raw);
return PAM_AUTHTOK_ERR;
}
- if (setfscreatecon(passwd_context)) {
- freecon(passwd_context);
- freecon(prev_context);
+ if (setfscreatecon_raw(passwd_context_raw)) {
+ freecon(passwd_context_raw);
+ freecon(prev_context_raw);
return PAM_AUTHTOK_ERR;
}
- freecon(passwd_context);
+ freecon(passwd_context_raw);
}
#endif
pwfile = fopen(PW_TMPFILE, "w");
@@ -919,12 +919,12 @@ done:
}
#ifdef WITH_SELINUX
if (SELINUX_ENABLED) {
- if (setfscreatecon(prev_context)) {
+ if (setfscreatecon_raw(prev_context_raw)) {
err = 1;
}
- if (prev_context)
- freecon(prev_context);
- prev_context=NULL;
+ if (prev_context_raw)
+ freecon(prev_context_raw);
+ prev_context_raw = NULL;
}
#endif
if (!err) {
@@ -945,27 +945,27 @@ PAMH_ARG_DECL(int unix_update_shadow,
int oldmask;
int wroteentry = 0;
#ifdef WITH_SELINUX
- char *prev_context=NULL;
+ char *prev_context_raw = NULL;
#endif
oldmask = umask(077);
#ifdef WITH_SELINUX
if (SELINUX_ENABLED) {
- char *shadow_context=NULL;
- if (getfilecon("/etc/shadow",&shadow_context)<0) {
+ char *shadow_context_raw = NULL;
+ if (getfilecon_raw("/etc/shadow",&shadow_context_raw)<0) {
return PAM_AUTHTOK_ERR;
};
- if (getfscreatecon(&prev_context)<0) {
- freecon(shadow_context);
+ if (getfscreatecon_raw(&prev_context_raw)<0) {
+ freecon(shadow_context_raw);
return PAM_AUTHTOK_ERR;
}
- if (setfscreatecon(shadow_context)) {
- freecon(shadow_context);
- freecon(prev_context);
+ if (setfscreatecon_raw(shadow_context_raw)) {
+ freecon(shadow_context_raw);
+ freecon(prev_context_raw);
return PAM_AUTHTOK_ERR;
}
- freecon(shadow_context);
+ freecon(shadow_context_raw);
}
#endif
pwfile = fopen(SH_TMPFILE, "w");
@@ -1065,12 +1065,12 @@ PAMH_ARG_DECL(int unix_update_shadow,
#ifdef WITH_SELINUX
if (SELINUX_ENABLED) {
- if (setfscreatecon(prev_context)) {
+ if (setfscreatecon_raw(prev_context_raw)) {
err = 1;
}
- if (prev_context)
- freecon(prev_context);
- prev_context=NULL;
+ if (prev_context_raw)
+ freecon(prev_context_raw);
+ prev_context_raw = NULL;
}
#endif